Cve 2026 50518
The latest Cve 2026 50518 coverage — news, analysis, and updates from the WindowsNews.AI desk.
Critical 9.8 RCE Flaw in Minecraft Bedrock Server Requires Immediate Manual Update
On July 14, 2026, Microsoft disclosed CVE-2026-55010, a critical 9.8-severity heap-based buffer overflow in Minecraft Bedrock Dedicated Server that allows unauthenticated remote code execution. The advisory does not list specific affected or fixed versions, so administrators must immediately update to the latest server build from minecraft.net, restrict network access, and run the service in an unprivileged account. Failure to act could let attackers take over Windows or Linux hosts.
LabubaRAT Malware Disguised as NVIDIA Software Gives Hackers Full Control of Windows PCs
Blackpoint Cyber researchers have uncovered LabubaRAT, a Rust-based Windows remote access trojan that impersonates NVIDIA container software. The malware can execute commands, steal files, and relay traffic while blending into environments where NVIDIA tools are expected. Users and administrators should verify NVIDIA binaries and watch for specific indicators of compromise.
Microsoft’s July 2026 Patch Tuesday Fixes RDP Flaw That Could Expose Sensitive Memory Data
Microsoft's July 14, 2026 security updates fix CVE-2026-54126, an information-disclosure vulnerability in Windows Remote Desktop Protocol. An unauthenticated attacker can exploit it by tricking a user into connecting to a malicious RDP server, potentially leaking memory contents. All supported Windows 10, 11, and Server editions require patching to specific builds, and administrators should also restrict outbound RDP and warn users about untrusted connection files.
Microsoft Patches Critical Windows DHCP Client Flaw—Here’s Why Every PC Needs the July 2026 Update
Microsoft has fixed CVE-2026-54128, a critical use-after-free bug in the Windows DHCP Client that can lead to arbitrary code execution on all supported Windows machines. Although the advisory calls it remote code execution, the published CVSS vector shows a local attack path, and no network-based exploitation has been confirmed. The July 2026 Patch Tuesday update is the only mitigation, and IT administrators should prioritize deploying it due to the “exploitation more likely” rating.
Microsoft Fixes DWM Heap Overflow (CVE-2026-50692) — Why This July Patch Matters for Windows Users
Microsoft’s July 2026 Patch Tuesday fixes CVE-2026-50692, a high-severity heap-based buffer overflow in Windows Desktop Window Manager that allows local privilege escalation. The flaw affects all supported Windows 10, 11, and Server versions, and while not yet exploited, it should be patched promptly to prevent post-compromise attacks.
Microsoft’s July Patches Close Windows Runtime Race Condition That Grants Attackers Full Control
Microsoft's July 2026 Patch Tuesday fixes CVE-2026-54125, a high-severity Windows Runtime flaw that lets local attackers escalate to full system control. The vulnerability affects all supported Windows versions; administrators should deploy the update immediately. Our guide covers what the bug does, affected builds, and deployment priorities.
No Click Needed: Microsoft’s July Update Fixes an SMB Data Leak That Helps Attackers After Breach
Microsoft's July 2026 Patch Tuesday included a fix for CVE-2026-50690, a locally exploitable SMB information-disclosure vulnerability that requires no user interaction. The bug lets an attacker with low-level access on a Windows machine read sensitive memory contents, aiding post-compromise attacks. The update is part of routine cumulative patches; administrators should prioritize SMB and multi-user servers.
Microsoft’s July 2026 Patch Tuesday Fixes OLE Bug That Allows Remote PC Takeover Without Any User Click
Microsoft’s July 2026 Patch Tuesday fixes CVE-2026-50686, a remote code execution flaw in Windows OLE that can be exploited over a network without user interaction. The high-severity bug affects nearly all supported Windows versions, from Server 2012 R2 to Windows 11 26H1. Users and admins must apply the cumulative update and verify the OS build to be protected.
Microsoft Fixes Windows 11 Win32k Bug That Could Let Attackers Take Over Your PC
Microsoft's July 14, 2026 security updates include a fix for CVE-2026-50687, a high-severity use-after-free flaw in Windows 11's Win32k component that could allow a local attacker to gain full system control. The patch, delivered via KB5101650 for Windows 11 24H2 and 25H2, and KB5099536 for Windows Server 2025, is essential for all affected systems. With no available workarounds and the potential for post-patch exploitation analysis, users and administrators should apply the update immediately.
CVE-2026-50685: The Windows DHCP Server RCE You Need to Patch, Exploits or Not
Microsoft’s July 2026 Patch Tuesday addresses CVE-2026-50685, a double-free remote code execution flaw in Windows DHCP Server. Rated Important with a CVSS 7.5, the bug requires an authorized attacker with high complexity. While no exploits are in the wild, administrators should inventory and patch all DHCP servers, leveraging the same cumulative update that also fixes other Critical DHCP flaws.
Microsoft Plugs Privilege Escalation Hole in Widely Deployed Windows DHCP Server — Patch Now
Microsoft's July 2026 Patch Tuesday fixed CVE-2026-50683, a high-severity heap-based buffer overflow in Windows DHCP Server (CVSS 8.0) that could let an adjacent-network attacker take complete control. All supported Windows Server releases are affected; Windows 11 is not. The article details affected versions, the required patch builds, why "adjacent network" is still a serious risk, and how to patch and verify protection before exploits appear.
Microsoft Patches Active Directory DoS Flaw That Needs Only Low-Privilege Account
Microsoft's July 2026 Patch Tuesday addressed CVE-2026-50682, a denial-of-service vulnerability in Windows Active Directory that requires only a low-privilege authenticated account. The flaw can disrupt domain controllers over the network with low complexity and no user interaction. Administrators should prioritize deploying the cumulative updates listed in the article to protect directory services.
Windows 11 July Update Patches Decade-Old Secure Boot Bootkit Vulnerability
Microsoft's July 2026 cumulative update KB5101650 for Windows 11 24H2 and 25H2 closes a decade-old Secure Boot bypass by revoking 11 vulnerable UEFI shim bootloaders. The update adds their hashes to the firmware's forbidden signature database, blocking an attacker technique that could load bootkits before the OS starts. Home users simply need to install the patch and keep Secure Boot on, while admins must check bootable media, deployment images, and offline systems to prevent operational surprises.